[Webkit-unassigned] [Bug 259253] New: [iOS] Various editing layout tests occasionally crash under TextChecker::closeSpellDocumentWithTag

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jul 15 18:10:59 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=259253

            Bug ID: 259253
           Summary: [iOS] Various editing layout tests occasionally crash
                    under TextChecker::closeSpellDocumentWithTag
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Tools / Tests
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: wenson_hsieh at apple.com

To reproduce, run these 3 tests back to back:

1. editing/input/cocoa/autocorrect-on.html
2. editing/pasteboard/paste-blockquote-1.html
3. editing/pasteboard/paste-does-not-fire-promises-while-sanitizing-web-content.html

Or more generally,

1. Run a test that installs the fake text checker on iOS.
2. Run any other layout test.
3. Run a layout test that shows an edit menu by tapping or selecting text.

...the test in (3) will crash with an overelease under something like:

```
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib                        0x1044e2280 objc_release + 16
1   WebKit                                 0x10d12abac WTF::RetainPtr<UITextChecker>::~RetainPtr() + 8 (RetainPtr.h:198) [inlined]
2   WebKit                                 0x10d12abac WTF::RetainPtr<UITextChecker>::~RetainPtr() + 8 (RetainPtr.h:196) [inlined]
…
10  WebKit                                 0x10d1226f8 WTF::HashMap<long long, WTF::RetainPtr<UITextChecker>, WTF::DefaultHash<long long>, WTF::HashTraits<long long>, WTF::HashTraits<WTF::RetainPtr<UITextChecker>>, WTF::HashTableTraits>::remove(long long const&) + 80 (HashMap.h:502) [inlined]
11  WebKit                                 0x10d1226f8 WebKit::TextChecker::closeSpellDocumentWithTag(long long) + 112 (TextCheckerIOS.mm:189)
12  WebKit                                 0x10d207594 WebKit::WebPageProxy::~WebPageProxy() + 264 (WebPageProxy.cpp:726)
13  WebKit                                 0x10ce7680c -[WKObject dealloc] + 64 (WKObject.mm:58)
```

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230716/f5bc2503/attachment.htm>

More information about the webkit-unassigned mailing list